This account is pending registration confirmation. Please click on the link within the confirmation email previously sent you to complete registration.Need a new registration confirmation email? Click here

The cyber espionage campaign, dubbed "Operation Ke3chang" by FireEye researchers, used the Syrian crisis to falsely advertise updates about the ongoing situation to compromise MFA networks in Europe. FireEye research has discovered that the attackers are likely operating out of China and have been active since at least 2010. However, the Syria-themed attacks against MFAs began only in August 2013. The timing of the attacks precedes a G20 meeting held in Russia that focused on the crisis in Syria.
1

"Diplomatic missions, including ministries of foreign affairs, are high-priority targets for today's threat actors," said Darien Kindlund, manager of threat intelligence at FireEye. "Large-scale cyber espionage campaigns have demonstrated that government agencies around the world, including embassies, are vulnerable to targeted cyber attacks."

FireEye gained visibility into one of 23 known command-and-control (CnC) servers operated by the Ke3chang actor for about one week. During this time, FireEye discovered 21 compromised machines connecting to the CnC server. These included what appeared to be three administrative tests by the attackers and two connections from other malware researchers. Among the targets, FireEye identified nine compromises at government ministries in five different European countries. Eight of these compromises were at MFAs.

While FireEye had visibility into the CnC server, researchers saw the attackers engage in post-compromise information gathering and lateral movement on the target network, whereupon FireEye immediately contacted the relevant authorities and began the notification process.

About FireEye, Inc.FireEye has invented a purpose-built, virtual machine-based security platform that provides real-time threat protection to enterprises and governments worldwide against the next generation of cyber attacks. These highly sophisticated cyber attacks easily circumvent traditional signature-based defenses, such as next-generation firewalls, IPS, anti-virus, and gateways. The
FireEye Threat Prevention Platform provides real-time, dynamic threat protection without the use of signatures to protect an organization across the primary threat vectors and across the different stages of an attack life cycle. The core of the FireEye platform is a virtual execution engine, complemented by dynamic threat intelligence, to identify and block cyber attacks in real time. FireEye has over 1,300 customers across more than 40 countries, including over 100 of the Fortune 500.